If you’ve been following our Copilot plugin, you may have noticed the recent addition of capabilities for managing multiple bots/LLMs. It’s not in our official plugin release yet, but this update makes it possible to configure bots with different LLMs for specific purposes.
We are in the early stages of designing further enhancements to multi-bot configuration that will enable access controls for each bot. Our aim is to give admins more control over user access to LLMs and the data the LLMs have access to. This will offer the ability to create multiple bots with specific purposes that will only be available to specific users. For example, you could have a general-purpose AI bot for your team, but you need to block HR channel data or HR team members from using it due to sensitive data and conversations. You could also have a bot that is tied to a local LLM that has wider access to users and content in the system with no concerns about data leaving your organization.
These new settings would replace the current experimental ‘user restrictions’ settings in the existing plugin.
Bot roles
The way we’re thinking about access controls is to offer different ‘roles’ that each bot can play. For each bot configured in Copilot settings, there are two different roles that can be enabled:
Channel-based assistance: Bots can use the context of a channel they’re allowed to access and provide expert assistance on that channel to end users.
Personal assistance: The bot can look across only messages the user has access to, in order to provide assistance or answers to questions from sources across the workspace. The bot will only share those answers personally with that user and no one else.
Channel-based assistance: access options
If ‘channel-based assistance’ is enabled, admins can also decide which channels the bot (and it’s associated LLM) has access to. They can choose to allow all channels, allow selected channels, or block selected channels.
Allowing specific channels
When ‘Allow specific channels’ is chosen, a field displays for admins to enter individual channels or entire Mattermost teams. Once saved, these channels will be the only ones allowed for channel-based assistance.
Blocking specific channels
When ‘Block selected channels’ is chosen, a similar field displays for admins to enter individual channels or entire Mattermost teams. Once saved, channel assistance will not be available for these channels. All other channels will have channel assistance enabled for this bot.
Personal assistance: access options
If ‘personal assistance’ is enabled for a bot, admins can also decide which users can have access. They can choose to allow access to all users, allow selected users, or block selected users.
Allowing selected users
When ‘Allow selected users’ is chosen, a field displays for admins to enter individual users, LDAP groups, or entire Mattermost teams. Once saved, these users or groups will be the only ones allowed to access this bot.
Blocking selected users
When ‘Block selected users’ is chosen, a field displays for admins to enter individual users, LDAP groups, or entire Mattermost teams. Once saved, these users or groups will be blocked from using this bot as a personal assistant. All other users not specified will be allowed.
What do you think about this capability?
Would this suit your organization’s needs for AI access control in Mattermost? What would you like to see? Drop us a line here in this forum post and let us know what you think. We are validating this concept with customers and users so all feedback helps us solidify the solution.